Skip to content

Fail closed on unknown toolsets in strict mode#2118

Open
davidahmann wants to merge 1 commit intogithub:mainfrom
davidahmann:codex/issue-2117-strict-unknown-toolsets
Open

Fail closed on unknown toolsets in strict mode#2118
davidahmann wants to merge 1 commit intogithub:mainfrom
davidahmann:codex/issue-2117-strict-unknown-toolsets

Conversation

@davidahmann
Copy link

@davidahmann davidahmann commented Mar 1, 2026

Problem

Unknown toolset names are currently ignored with warnings, which can silently broaden/alter effective exposure when configs contain typos.

Why now

Strict environments need deterministic fail-closed startup on unknown toolset inputs.

What changed

  • Added new CLI flag/config: --strict-toolsets (GITHUB_STRICT_TOOLSETS).
  • Wired strict setting from CLI/viper to stdio server config and GitHub server config.
  • Updated server behavior:
    • non-strict mode: keep current warning behavior for unrecognized toolsets
    • strict mode: fail startup when any configured toolset is unrecognized.
  • Added regression tests in pkg/github/server_test.go for strict fail and non-strict allow paths.
  • Updated docs/toolsets-and-icons.md with strict-mode behavior and migration path.

Validation

  • go test ./pkg/github -run "StrictToolsets|ResolveEnabledToolsets|NewMCPServer_CreatesSuccessfully"
  • go test ./cmd/github-mcp-server

Refs #2117

@davidahmann davidahmann requested a review from a team as a code owner March 1, 2026 16:49
@davidahmann

This comment has been minimized.

Sign in to view
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@davidahmann